From: oga Date: Fri, 29 Aug 2008 13:44:23 +0000 (+0000) Subject: Don't memcpy too far whem drm_realloc() is called with a smaller size. X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=c970e88842aafe77522fded9af754997f22880b9;p=openbsd Don't memcpy too far whem drm_realloc() is called with a smaller size. This was never noticed since it's always used with a larger size. Noticed by Stephane Marchesin. --- diff --git a/sys/dev/pci/drm/drm_memory.c b/sys/dev/pci/drm/drm_memory.c index 91828111eec..81dc4a10e98 100644 --- a/sys/dev/pci/drm/drm_memory.c +++ b/sys/dev/pci/drm/drm_memory.c @@ -72,7 +72,7 @@ drm_realloc(void *oldpt, size_t oldsize, size_t size, int area) if (pt == NULL) return NULL; if (oldpt && oldsize) { - memcpy(pt, oldpt, oldsize); + memcpy(pt, oldpt, min(oldsize, size)); free(oldpt, M_DRM); } return pt;